eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Upstream patch: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
Created ppp tracking bugs for this issue: Affects: fedora-all [bug 1800734]
Statement: The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The "Stack Smashing Protection" may help mitigate code execution attacks for this flaw and limit its impact to crash only.
What's the impact to set in the errata field?
(In reply to Jaroslav Škarvada from comment #8)
> What's the impact to set in the errata field?
I got the information from one of the cloned bugzillas: Important.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0630 https://access.redhat.com/errata/RHSA-2020:0630
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0634 https://access.redhat.com/errata/RHSA-2020:0634
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0633 https://access.redhat.com/errata/RHSA-2020:0633
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0631 https://access.redhat.com/errata/RHSA-2020:0631
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8597
Mitigation: Red Hat is working on providing updated packages which patch this flaw. This flaw can only be mitigated by updating to these package versions. The "Stack Smashing Protection" may help mitigate code execution attacks for this flaw and limit its impact to crash only.